summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEike Rathke <erack@redhat.com>2013-04-22 23:06:50 +0200
committerMiklos Vajna <vmiklos@suse.cz>2013-04-24 08:22:48 +0000
commit00609ef4d2ef46700a6411ac0f93114005153a4a (patch)
tree64d9397431ab99a17fc0f31141bfc7470eb63954
parent73623e57b50c461ab3df95065d56908825144009 (diff)
fixed a mess of out of bounds string accesses
(cherry picked from commit 5cd4300f7ffc24d6bc0ed5704f37a04852fd322b) Conflicts: svl/source/numbers/zformat.cxx Change-Id: I800840e1b3c0d97a049b3ceba0ec244365dc8e6b Reviewed-on: https://gerrit.libreoffice.org/3563 Reviewed-by: Fridrich Strba <fridrich@documentfoundation.org> Reviewed-by: Andras Timar <atimar@suse.com> Reviewed-by: Miklos Vajna <vmiklos@suse.cz> Tested-by: Miklos Vajna <vmiklos@suse.cz>
-rw-r--r--svl/source/numbers/zformat.cxx61
1 files changed, 40 insertions, 21 deletions
diff --git a/svl/source/numbers/zformat.cxx b/svl/source/numbers/zformat.cxx
index 1b12669d254e..545d6cc5683a 100644
--- a/svl/source/numbers/zformat.cxx
+++ b/svl/source/numbers/zformat.cxx
@@ -1412,6 +1412,21 @@ SvNumberformat::LocaleType SvNumberformat::ImpGetLocaleType(const OUString& rStr
return (cToken == ']' || nPos == nLen) ? LocaleType(nNum) : LocaleType();
}
+static bool lcl_matchKeywordAndGetNumber( const OUString & rString, const sal_Int32 nPos,
+ const OUString & rKeyword, sal_Int32 & nNumber )
+{
+ if (0 <= nPos && nPos + rKeyword.getLength() < rString.getLength() && rString.matchIgnoreAsciiCase( rKeyword, nPos))
+ {
+ nNumber = rString.copy( nPos + rKeyword.getLength()).toInt32();
+ return true;
+ }
+ else
+ {
+ nNumber = 0;
+ return false;
+ }
+}
+
short SvNumberformat::ImpNextSymbol(OUStringBuffer& rString,
sal_Int32& nPos,
OUString& sSymbol)
@@ -1514,43 +1529,47 @@ short SvNumberformat::ImpNextSymbol(OUStringBuffer& rString,
{
const OUString aNatNum("NATNUM");
const OUString aDBNum("DBNUM");
- OUString aUpperNatNum( rChrCls().uppercase( rString.toString(), nPos-1, aNatNum.getLength() ) );
- OUString aUpperDBNum( rChrCls().uppercase( rString.toString(), nPos-1, aDBNum.getLength() ) );
- sal_Unicode cUpper = aUpperNatNum[0];
- sal_Int32 nNatNumNum = rString.toString().copy( nPos - 1 + aNatNum.getLength() ).toInt32();
- sal_Unicode cDBNum = rString[ nPos - 1 + aDBNum.getLength()];
- if ( aUpperNatNum == aNatNum && 0 <= nNatNumNum && nNatNumNum <= 19 )
+ const OUString aBufStr( rString.toString());
+ sal_Int32 nNatNumNum;
+ sal_Int32 nDBNum;
+ if ( lcl_matchKeywordAndGetNumber( aBufStr, nPos-1, aNatNum, nNatNumNum) &&
+ 0 <= nNatNumNum && nNatNumNum <= 19 )
{
sBuffSymbol.stripStart((sal_Unicode)'[');
- sBuffSymbol.append( rString.toString().copy( --nPos, aNatNum.getLength()+1 ));
+ sBuffSymbol.append( aBufStr.copy( --nPos, aNatNum.getLength()+1 ));
nPos += aNatNum.getLength()+1;
//! SymbolType is negative
eSymbolType = (short) (BRACKET_SYMBOLTYPE_NATNUM0 - nNatNumNum);
eState = SsGetPrefix;
}
- else if ( aUpperDBNum == aDBNum && '1' <= cDBNum && cDBNum <= '9' )
+ else if ( lcl_matchKeywordAndGetNumber( aBufStr, nPos-1, aDBNum, nDBNum) &&
+ '1' <= nDBNum && nDBNum <= '9' )
{
sBuffSymbol.stripStart((sal_Unicode)'[');
sBuffSymbol.append(rString.toString().copy( --nPos, aDBNum.getLength()+1 ));
nPos += aDBNum.getLength()+1;
//! SymbolType is negative
- eSymbolType = sal::static_int_cast< short >( BRACKET_SYMBOLTYPE_DBNUM1 - (cDBNum - '1'));
+ eSymbolType = sal::static_int_cast< short >( BRACKET_SYMBOLTYPE_DBNUM1 - (nDBNum - '1'));
eState = SsGetPrefix;
}
- else if (cUpper == rKeywords[NF_KEY_H][0] || // H
- cUpper == rKeywords[NF_KEY_MI][0] || // M
- cUpper == rKeywords[NF_KEY_S][0] ) // S
- {
- sBuffSymbol.append(cToken);
- eState = SsGetTime;
- cLetter = cToken;
- }
else
{
- sBuffSymbol.stripStart((sal_Unicode)'[');
- sBuffSymbol.append(cToken);
- eSymbolType = BRACKET_SYMBOLTYPE_COLOR;
- eState = SsGetPrefix;
+ sal_Unicode cUpper = rChrCls().uppercase( aBufStr, nPos-1, 1)[0];
+ if ( cUpper == rKeywords[NF_KEY_H][0] || // H
+ cUpper == rKeywords[NF_KEY_MI][0] || // M
+ cUpper == rKeywords[NF_KEY_S][0] ) // S
+ {
+ sBuffSymbol.append(cToken);
+ eState = SsGetTime;
+ cLetter = cToken;
+ }
+ else
+ {
+ sBuffSymbol.stripStart((sal_Unicode)'[');
+ sBuffSymbol.append(cToken);
+ eSymbolType = BRACKET_SYMBOLTYPE_COLOR;
+ eState = SsGetPrefix;
+ }
}
}
}